Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\desktop.ini
- [<HKLM>\System\CurrentControlSet\Services\Yqhyqh Aqiaq] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Yqhyqh Aqiaq] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\Storm\update\QQ.exe -auto'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\QAssist] 'Start' = '00000001'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\QAssist] 'ImagePath' = 'system32\DRIVERS\QAssist.sys'
- 'Yqhyqh Aqiaq' %ALLUSERSPROFILE%\Application Data\Storm\update\QQ.exe -auto
- [<HKLM>\SYSTEM\CurrentControlSet\Services\QAssist] 'Group' = 'FSFilter Activity Monitor'
- %ALLUSERSPROFILE%\application data\storm\update\qq.exe
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\pictures.library-ms
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\~ictures.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\music\playlists\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\links\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\saved games\desktop.ini
- %APPDATA%\microsoft\windows\libraries\~usic.tmp
- %LOCALAPPDATA%\microsoft\windows sidebar\gadgets\desktop.ini
- %APPDATA%\microsoft\windows\libraries\~ideos.tmp
- %APPDATA%\microsoft\windows\libraries\~ocuments.tmp
- %HOMEPATH%\pictures\slide shows\desktop.ini
- %APPDATA%\microsoft\windows\libraries\~ictures.tmp
- %HOMEPATH%\music\playlists\desktop.ini
- <DRIVERS>\qassist.sys
- %WINDIR%\temp\udde32.tmp
- nul
- %WINDIR%\temp\udd1729.tmp
- %WINDIR%\temp\udd1f06.tmp
- %WINDIR%\temp\udd26e4.tmp
- %WINDIR%\syswow64\config\systemprofile\downloads\desktop.ini
- %WINDIR%\temp\udd2ec1.tmp
- %WINDIR%\syswow64\config\systemprofile\pictures\slide shows\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\~ocuments.tmp
- %WINDIR%\syswow64\config\systemprofile\searches\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\music\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\music.library-ms
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\~usic.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\burn\burn\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\videos\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows sidebar\gadgets\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\videos.library-ms
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\~ideos.tmp
- %WINDIR%\syswow64\config\systemprofile\pictures\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\desktop\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\contacts\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\favorites\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\start menu\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\administrative tools\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\documents\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\documents.library-ms
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\recent\desktop.ini
- %WINDIR%\temp\udd369e.tmp
- %ALLUSERSPROFILE%\application data\storm\update\qq.exe
- %WINDIR%\syswow64\config\systemprofile\saved games\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\links\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\music\playlists\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\downloads\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\pictures\slide shows\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\recent\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\documents\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\administrative tools\desktop.ini
- %HOMEPATH%\pictures\slide shows\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\start menu\programs\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\favorites\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\contacts\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\desktop\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\pictures\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\videos\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\burn\burn\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\music\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\searches\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\start menu\desktop.ini
- %HOMEPATH%\music\playlists\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\music.library-ms~rf65705.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows sidebar\gadgets\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\videos.library-ms~rf65772.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\documents.library-ms~rf6581d.tmp
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\pictures.library-ms~rf6589a.tmp
- %LOCALAPPDATA%\microsoft\windows sidebar\gadgets\desktop.ini
- %WINDIR%\temp\udde32.tmp
- %WINDIR%\temp\udd1729.tmp
- %WINDIR%\temp\udd1f06.tmp
- %WINDIR%\temp\udd26e4.tmp
- %WINDIR%\temp\udd2ec1.tmp
- %WINDIR%\temp\udd369e.tmp
- from %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\music.library-ms to %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\music.library-ms~rf65705.tmp
- from %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\videos.library-ms to %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\videos.library-ms~rf65772.tmp
- from %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\documents.library-ms to %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\documents.library-ms~rf6581d.tmp
- from %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\pictures.library-ms to %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\pictures.library-ms~rf6589a.tmp
- from %APPDATA%\microsoft\windows\libraries\music.library-ms to %APPDATA%\microsoft\windows\libraries\music.library-ms~rf6a005.tmp
- from %APPDATA%\microsoft\windows\libraries\videos.library-ms to %APPDATA%\microsoft\windows\libraries\videos.library-ms~rf6a092.tmp
- from %APPDATA%\microsoft\windows\libraries\documents.library-ms to %APPDATA%\microsoft\windows\libraries\documents.library-ms~rf6a1ca.tmp
- from %APPDATA%\microsoft\windows\libraries\pictures.library-ms to %APPDATA%\microsoft\windows\libraries\pictures.library-ms~rf6a2c3.tmp
- %APPDATA%\microsoft\windows\libraries\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\burn\burn\desktop.ini
- %HOMEPATH%\videos\desktop.ini
- %HOMEPATH%\pictures\desktop.ini
- %HOMEPATH%\desktop\desktop.ini
- %HOMEPATH%\favorites\desktop.ini
- %APPDATA%\microsoft\windows\start menu\programs\administrative tools\desktop.ini
- %HOMEPATH%\music\desktop.ini
- %APPDATA%\microsoft\windows\start menu\programs\desktop.ini
- %APPDATA%\microsoft\windows\recent\desktop.ini
- %HOMEPATH%\downloads\desktop.ini
- %APPDATA%\microsoft\windows\start menu\desktop.ini
- %HOMEPATH%\documents\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\music.library-ms
- %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows sidebar\gadgets\desktop.ini
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\videos.library-ms
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\documents.library-ms
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\libraries\pictures.library-ms
- %APPDATA%\Microsoft\Windows\Libraries\Music.library-ms
- %LOCALAPPDATA%\microsoft\windows sidebar\gadgets\desktop.ini
- %APPDATA%\Microsoft\Windows\Libraries\Videos.library-ms
- %APPDATA%\Microsoft\Windows\Libraries\Documents.library-ms
- %APPDATA%\Microsoft\Windows\Libraries\Pictures.library-ms
- 'zh######a.u1.luyouxia.net':50346
- DNS ASK zh######a.u1.luyouxia.net
- '%ALLUSERSPROFILE%\application data\storm\update\qq.exe' -auto
- '%ALLUSERSPROFILE%\application data\storm\update\qq.exe' -acsi
- '%WINDIR%\syswow64\cmd.exe' /c ping -n 2 127.0.0.1 > nul && del <Full path to file> > nul (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping -n 2 127.0.0.1 > nul && del <Full path to file> > nul
- '%WINDIR%\syswow64\ping.exe' -n 2 127.0.0.1